Criminal Gangs Make €1.5bn A Year From EU Card Fraud

Organised criminal gangs in Europe are making as much as €1.5 billion a year from card fraud, thanks to the highly-structured nature of their illegal operations, according to a report from Europol.

Crooks are taking the money and, outside of spending it, are reinvesting in new technology and skills to hide their crimes from police.

Europol said most of the illegal transactions took place outside of the EU, with many data breaches occurring in the US, but still member states were badly affected. Card fraud is a global issue, ignorant of national borders – one major problem that police face when investigating crimes.

Card fraud crazy

“Despite the huge number of identified perpetrators, many of them remain unidentified and are still actively involved in payment card fraud,” Europol warned.

The body said in 2011 around 60 percent of payment card fraud losses, totalling €900 million, were caused by card-not-present (CNP) fraud, carried out over the Internet rather than physical theft of cards or skimming.

“Within the major card-not-present fraud investigations supported by Europol, the main sources of illegal data were data breaches, often facilitated by insiders and malicious software,” the report read.

“In most of these cases the quantity of compromised card details is substantial, reaching hundreds of thousands or millions, enabling criminals to sell the bulk data on the internet.”

One of the biggest problems to emerge in the last decade is the propagation of carding sites, where information is traded between crooks. But regulation has not kept up with such changes, Europol argued.

“A major problem in the EU is the lack of proper regulations for reporting data breaches to police authorities,” it added.

“Law enforcement agencies, even if aware of a breach, have difficulties finding information on, and links to, the point of compromise, stolen data and illegal transactions

“Common European legal solutions for the security of online retail payments (internet, mobile), as well as the mandatory reporting of financial data breaches, should be considered to prevent fraud affecting EU citizens.”